Plantronics Hub - Privilege Defined With Unsafe Actions
A local privilege-escalation vulnerability exists in the Plantronics Hub for Windows client application. A local attacker can exploit this vulnerability to gain elevated privileges.
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
Last Update: 3/7/2022
Initial Public Release: 8/30/2019
Advisory ID: PLYAP19-08
CVE ID: CVE-2019-15742
CVSS Score: 7.8
|Plantronics Hub Desktop Application (Windows)||
Prior to 3.14
|Update Plantronics Hub for Windows version 3.14 or later|
Poly recommends customers upgrade to firmware build 3.14 or later.
There is no workaround.
Poly would like to thank Markus Krell from NTT Ltd. for reporting security vulnerabilities to us and for their coordinated disclosure.